diff --git a/wp-includes/default-filters.php b/wp-includes/default-filters.php
index de97238fad..5642829e56 100644
--- a/wp-includes/default-filters.php
+++ b/wp-includes/default-filters.php
@@ -299,4 +299,8 @@ add_action( 'admin_enqueue_scripts', 'wp_auth_check_load' );
add_filter( 'heartbeat_received', 'wp_auth_check', 10, 2 );
add_filter( 'heartbeat_nopriv_received', 'wp_auth_check', 10, 2 );
+// Default authentication filters
+add_filter( 'authenticate', 'wp_authenticate_username_password', 20, 3 );
+add_filter( 'authenticate', 'wp_authenticate_spam_check', 99 );
+
unset($filter, $action);
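Review bot: Registering `wp_authenticate_spam_check` at priority 99 makes the multisite spam gate depend on hook ordering. Any `authenticate` callback added at a priority above 99 that returns a WP_User is not re-checked, and a `remove_filter()` call drops the gate entirely. The comment above the two `add_filter()` lines should record this, for example `// Spam check runs last (99) so it sees the user returned by earlier callbacks; later priorities are not checked.` The registration of `wp_authenticate_cookie` is not in this hunk, so whether cookie-based logins still reach the check cannot be confirmed from here.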
diff --git a/wp-includes/ms-functions.php b/wp-includes/ms-functions.php
index 1037a9f387..bb58c6fa71 100644
--- a/wp-includes/ms-functions.php
+++ b/wp-includes/ms-functions.php
@@ -1705,14 +1705,17 @@ function fix_phpmailer_messageid( $phpmailer ) {
* @since MU
* @uses get_user_by()
*
- * @param string $user_login Optional. Defaults to current user.
+ * @param string|WP_User $user Optional. Defaults to current user. WP_User object,
+ * or user login name as a string.
* @return bool
*/
-function is_user_spammy( $user_login = null ) {
- if ( $user_login )
- $user = get_user_by( 'login', $user_login );
- else
- $user = wp_get_current_user();
+function is_user_spammy( $user = null ) {
+ if ( ! is_a( $user, 'WP_User' ) ) {
+ if ( $user )
+ $user = get_user_by( 'login', $user );
+ else
+ $user = wp_get_current_user();
+ }
return $user && isset( $user->spam ) && 1 == $user->spam;
}
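Review bot: The new guard in `is_user_spammy()` passes every truthy value that is not a WP_User to `get_user_by( 'login', $user )`, so an integer ID or a WP_Error is treated as a login name. If that lookup fails, the function returns false, meaning "not spammy". The first call site gates authentication, so the docblock should state this fail-open result, for example `@return bool True if the user is marked as spam; false otherwise, including when the user cannot be resolved.` As a style point, `if ( ! ( $user instanceof WP_User ) ) {` is the more direct form of the type test. The docblock opens above the hunk, so its first lines are not visible here.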
diff --git a/wp-includes/user.php b/wp-includes/user.php
index bc583a5789..718ae19bf4 100644
--- a/wp-includes/user.php
+++ b/wp-includes/user.php
@@ -89,19 +89,6 @@ function wp_authenticate_username_password($user, $username, $password) {
if ( !$user )
return new WP_Error( 'invalid_username', sprintf( __( 'ERROR: Invalid username. Lost your password?' ), wp_lostpassword_url() ) );
- if ( is_multisite() ) {
- // Is user marked as spam?
- if ( 1 == $user->spam )
- return new WP_Error( 'spammer_account', __( 'ERROR: Your account has been marked as a spammer.' ) );
-
- // Is a user's blog marked as spam?
- if ( !is_super_admin( $user->ID ) && isset( $user->primary_blog ) ) {
- $details = get_blog_details( $user->primary_blog );
- if ( is_object( $details ) && $details->spam == 1 )
- return new WP_Error( 'blog_suspended', __( 'Site Suspended.' ) );
- }
- }
-
$user = apply_filters('wp_authenticate_user', $user, $password);
if ( is_wp_error($user) )
return $user;
@@ -140,6 +127,22 @@ function wp_authenticate_cookie($user, $username, $password) {
return $user;
}
+/**
+ * For multisite blogs, check if the authenticated user has been marked as a
+ * spammer, or if the user's primary blog has been marked as spam.
+ *
+ * @since 3.7.0
+ */
+function wp_authenticate_spam_check( $user ) {
+ if ( $user && is_a( $user, 'WP_User' ) && is_multisite() ) {
+ $spammed = apply_filters( 'check_is_user_spammed', is_user_spammy(), $user );
+
+ if ( $spammed )
+ return new WP_Error( 'spammer_account', __( 'ERROR: Your account has been marked as a spammer.' ) );
+ }
+ return $user;
+}
+
/**
* Number of posts user has written.
*
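Review bot: `wp_authenticate_spam_check()` calls `is_user_spammy()` with no argument, and the no-argument path in the ms-functions.php hunk falls back to `wp_get_current_user()`. The value fed to `check_is_user_spammed` therefore describes whoever is already logged in, presumably nobody during a fresh login, rather than the account being authenticated, so a spam-flagged account would pass. Pass the candidate through: `$spammed = apply_filters( 'check_is_user_spammed', is_user_spammy( $user ), $user );`. The docblock also promises a primary-blog check, but the `blog_suspended` branch removed from `wp_authenticate_username_password()` has no counterpart here, so either restore that check or correct the comment. The docblock would also benefit from `@param WP_User|WP_Error|null $user` and `@return WP_User|WP_Error` lines.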